An example of a working app store validation, with code signing checks.
C Objective-C
Failed to load latest commit information.
asn1 Initial Revision Jan 7, 2011
ethernet.h Initial Revision Jan 7, 2011
main.m (Hopefully) fixed a GC refcount error from SecKeychainOpen(). Jan 30, 2011


Mac App Store Validation

The code here is based upon the documentation released by Apple. It's been de-obfuscated somewhat, but still has enough to give an idea of how one might take it further. The code in the asn1 folder was generated using the asn1c tool using the definitions on the aforementioned Apple document.

It validates the package receipt and will check the contents of that receipt against its own Info.plist as well as ensuring it has a valid digest for the current machine. In order to protect the Info.plist it also check the app's code signature, since modifications to that file will invalidate the signature.

This implementation isn't guaranteed to be perfect by any means, but it ought to be better than nothing.